c0e7bb9eee31e97af3859e597809bfdccceb1fc29510fe801f4384961657e638

Sharing

Copy URL Twitter E-mail

General

Target

c0e7bb9eee31e97af3859e597809bfdccceb1fc29510fe801f4384961657e638
Size

499KB
MD5

04b10c757069450a3b52fe835918d8dc
SHA1

f265a9b8fff7350b73fb7e0a651db2d7a206e580
SHA256

c0e7bb9eee31e97af3859e597809bfdccceb1fc29510fe801f4384961657e638
SHA512

39dc5b8aea0ad4ca99b251f45dff838acfab839bea1e6f50bc3011cf016c33bcc4e413487d1e6ffc3f0ee2e5078a35420b746209c9e404e64f50d47a0d4ab2c4
SSDEEP

12288:V3siGyA4F9+brgpfXeNji4ymw179TswMsYa:KN4F9+brgxXeNjijmw1JF

Score

N/A

Malware Config

Signatures

Files

c0e7bb9eee31e97af3859e597809bfdccceb1fc29510fe801f4384961657e638
.dll regsvr32 windows x86

a46931712764c82e68e10bd426083f98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_resetstkoflw
calloc
_purecall
_errno
_gcvt
_strlwr
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
iswalpha
iswprint
iswalnum
_vsnwprintf
iswascii
iswdigit
iswxdigit
iswlower
wcstol
iswcntrl
rand
srand
time
wcschr
_wcsicmp
strncmp
_wtoi
_snwprintf
_ui64toa
_msize
_i64toa
_ultoa
_fpclass
iswspace
wcstod
wcsncmp
_HUGE
_wcstoi64
_wcstoui64
_callnewh
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
_unlock
__dllonexit
wcsncpy
_lock
_onexit
realloc
memcpy
memmove
??1type_info@@UAE@XZ
malloc
free
memset
_CIexp

kernel32

HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryA
SetFileAttributesW
CreateDirectoryW
CreateFileMappingW
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetFileSize
GetVersionExW
GetStringTypeW
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
lstrlenW
GetModuleFileNameW
FindResourceW
SizeofResource
LoadResource
GetLastError
CloseHandle
CreateEventW
SetEvent
GetVersionExA
InterlockedExchange
WideCharToMultiByte
HeapSize
lstrlenA
GetEnvironmentVariableW
Sleep
InterlockedCompareExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedExchangeAdd
GetSystemInfo
FileTimeToSystemTime
GetLocalTime
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
LocalFree
LocalAlloc
SetLastError
GetSystemDirectoryW
QueueUserWorkItem
ReleaseMutex
OpenMutexW
CreateMutexW
CreateFileW
VirtualProtect
LockResource
GetProcAddress
LCMapStringW
GetProcessHeap

ole32

CoInitializeEx
CoUninitialize
CoWaitForMultipleHandles
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID

oleaut32

SafeArrayUnlock
SafeArrayCreateVector
SysFreeString
VarUI4FromStr
SysStringLen
SysAllocString
VariantClear
VariantInit
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SysAllocStringLen

user32

UnregisterClassA
CharNextW

advapi32

RegDeleteKeyW
RegOpenKeyW
RegCreateKeyW
ConvertSidToStringSidW
RegQueryValueExW
IsValidSid
MakeAbsoluteSD
SetSecurityDescriptorDacl
LookupAccountNameW
CopySid
SetSecurityDescriptorSacl
GetLengthSid
MakeSelfRelativeSD
AddAce
InitializeAcl
GetSecurityDescriptorLength
GetAce
ConvertStringSidToSidW
InitializeSecurityDescriptor
GetAclInformation
AddAccessAllowedAceEx
TraceMessage
TraceEvent
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle

shlwapi

ord15
UrlApplySchemeW
UrlEscapeW
UrlCanonicalizeW
UrlGetPartW
PathAppendW
UrlCombineW

rpcrt4

MesHandleFree
MesDecodeBufferHandleCreate

ws2_32

freeaddrinfo
WSAGetLastError
getaddrinfo
WSAStartup
WSACleanup
inet_ntoa

shell32

SHGetFolderPathW

secur32

GetUserNameExW

dnsapi

DnsQuery_W
DnsFree

crypt32

CryptUnprotectData
CryptProtectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a46931712764c82e68e10bd426083f98

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

ole32

oleaut32

user32

advapi32

shlwapi

rpcrt4

ws2_32

shell32

secur32

dnsapi

crypt32

Exports

Exports

Sections

.text Size: 412KB - Virtual size: 411KB

.data Size: 65KB - Virtual size: 65KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 412KB - Virtual size: 411KB

.data
Size: 65KB - Virtual size: 65KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB